Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 5B12E200C22 for ; Tue, 21 Feb 2017 19:12:24 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 599AE160B68; Tue, 21 Feb 2017 18:12:24 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 0398A160B4F for ; Tue, 21 Feb 2017 19:12:22 +0100 (CET) Received: (qmail 7184 invoked by uid 500); 21 Feb 2017 18:12:22 -0000 Mailing-List: contact user-help@kudu.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@kudu.apache.org Delivered-To: mailing list user@kudu.apache.org Received: (qmail 7174 invoked by uid 99); 21 Feb 2017 18:12:21 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Feb 2017 18:12:21 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 82006185F11 for ; Tue, 21 Feb 2017 18:12:21 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.508 X-Spam-Level: ** X-Spam-Status: No, score=2.508 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=cloudera-com.20150623.gappssmtp.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id ejCL8UT-m6d3 for ; Tue, 21 Feb 2017 18:12:19 +0000 (UTC) Received: from mail-ua0-f176.google.com (mail-ua0-f176.google.com [209.85.217.176]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id C60445F2C2 for ; Tue, 21 Feb 2017 18:12:18 +0000 (UTC) Received: by mail-ua0-f176.google.com with SMTP id 40so15927966uau.2 for ; Tue, 21 Feb 2017 10:12:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudera-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=wlKnQnFOwKH/DL/b0SOHKx1DPogr5tz0FZk6JKAHeSE=; b=aJcZ0+l6DpBbgmaByVJcIVRXmUDEIM2qO7u724iTXVgbgbrjXnRDF9xxTkQaRxBp2z PoExRcYx3x366uUYwHLFZqQgVHxC8W56QySf27mV8rdagpWkb96sxUdbPBjFplm2fjrN spkuvLevhUdadYn5VmRmZ73lRf0/CLXXoVUFcq2rqP1vt7StBKVuhz3SvG9L15tk5OLQ kaKyZdMxxezwYaJQXNkdVeM0v4eBSoj412RCS8ZduTKltJlLOxFvdxf99jmVdPqqhZr1 9VeSBM3S2rk1YEKRWkwSbO/ZZ+NkGdjbCjHYIm5FRB1V3YGDkzqkR/fcYHGpe3KdVqXZ mKcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=wlKnQnFOwKH/DL/b0SOHKx1DPogr5tz0FZk6JKAHeSE=; b=tk/KGyss27lCKyhzMZOdS55vKV2cQoWKqsAPq4B3Itp90pSZiQPdGNbZthujpGujSY mXpsq3Zkulv2iJT1C9okw0m4zVL6+DYyNvh3brigCu2nOSXmEjev366FMN7dU2qSqt+s q9Ac3BRtLju4A59IzePZNn3IffOIpSu1ZqzUGJE9JlXXqlms2zHkMVjgVNzCCkP34P2Y ifEtt10vI7QVk5q5Fsu1983kdte3tBpvHqnyO7ZuFEc2IgxEJt/2/ocJNqy3bLcSmyr7 rpIf72dAdhj9RQHUSl4WFAuYu9g1mxGPPcdz+4bwRIszWsrtuGVodko8YTsaS0K0kWa5 7giQ== X-Gm-Message-State: AMke39m1cacaxUUkRr2Q32ZCbl8V39uvFaeGzXFoW0k83jN+PYnxQ4MD+3g2Q9tICZZF2ONuKVJeT9c9YoW1mqqd X-Received: by 10.159.33.215 with SMTP id 81mr6209127uac.152.1487700737422; Tue, 21 Feb 2017 10:12:17 -0800 (PST) MIME-Version: 1.0 Received: by 10.159.38.98 with HTTP; Tue, 21 Feb 2017 10:11:56 -0800 (PST) In-Reply-To: References: From: Todd Lipcon Date: Tue, 21 Feb 2017 10:11:56 -0800 Message-ID: Subject: Re: Kudu security To: user@kudu.apache.org Content-Type: multipart/alternative; boundary=001a113534d2fd0a2c05490e517e archived-at: Tue, 21 Feb 2017 18:12:24 -0000 --001a113534d2fd0a2c05490e517e Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, Feb 21, 2017 at 9:31 AM, Pablo Vazquez wrote: > Hi Adar. > > Thanks a lot, that is really great news and important thing for us. At > present having any security feature is crucial. Having an LDAP > authentication will also work for our project. > Hi Pablo, LDAP authentication isn't currently being worked on. We're following the Hadoop ecosystem model where single-sign-on via Kerberos is typically the norm, rather than adding explicit APIs to log in to Kudu via username/password, as you might see with LDAP. Given that many enterprises use Active Directory for LDAP, and AD also provides Kerberos, would Kerberos login be sufficient for your use case? > > > Do you have any expected date for that release? > > As an open source project we don't pre-publish any kind of committed release timelines. That said, there are a bunch of security-related patches in review right now, and I'm hoping we can branch for the release in the next couple of days once the current batch of them is committed. Releases tend to follow in the next few weeks following the branch creation, though of course it depends on how many bugs are found after the branch, etc. As an aside, please keep in mind that the only official Apache Kudu releases are source releases, and vendor binary releases typically lag the open source project releases by some amount of time (depending on their own release schedules, test processes, integration, etc). -Todd > > On Tue, Feb 21, 2017 at 10:20 AM, Adar Dembo wrote: > >> Hi Pablo, >> >> Security features are being actively developed right now, and should >> probably make it into the next upstream Kudu release (i.e. 1.3). These >> include Kerberos support for authentication as well as TLS for encryptio= n. >> If you need more detail I'm sure other folks here can provide it. >> >> Just out of curiosity, what kind of security features do you need? It'd >> be good to make sure that what's under development satisfies your needs. >> >> >> On Tue, Feb 21, 2017 at 7:45 AM, Pablo Vazquez > > wrote: >> >>> >>> Hi Kudu Team, >>> >>> As Kudu does not support any security at this moment, this is a barrier >>> for Kudu production deployment for some of the projects. >>> >>> Just a request to know, when can we expect security in Kudu. It would >>> be really helpful if we can have some security feature in next release. >>> >>> -- >>> *Pablo Quetzalc=C3=B3atl V=C3=A1zquez*| Software Designer >>> *GLOBANT* >>> >>> [image: Facebook] >>> [image: >>> Twitter] >>> [image: >>> Youtube] >>> [image: >>> Linkedin] >>> [image: >>> Pinterest] >>> [image: >>> Globant] >>> >>> >>> The information contained in this e-mail may be confidential. It has >>> been sent for the sole use of the intended recipient(s). If the reader = of >>> this message is not an intended recipient, you are hereby notified that= any >>> unauthorized review, use, disclosure, dissemination, distribution or >>> copying of this communication, or any of its contents, >>> is strictly prohibited. If you have received it by mistake please let >>> us know by e-mail immediately and delete it from your system. Many >>> thanks. >>> >>> >>> >>> La informaci=C3=B3n contenida en este mensaje puede ser confidencial. H= a sido >>> enviada para el uso exclusivo del destinatario(s) previsto. Si el lecto= r de >>> este mensaje no fuera el destinatario previsto, por el presente queda U= d. >>> notificado que cualquier lectura, uso, publicaci=C3=B3n, diseminaci=C3= =B3n, >>> distribuci=C3=B3n o copiado de esta comunicaci=C3=B3n o su contenido es= t=C3=A1 >>> estrictamente prohibido. En caso de que Ud. hubiera recibido este mensa= je >>> por error le agradeceremos notificarnos por e-mail inmediatamente y >>> eliminarlo de su sistema. Muchas gracias. >>> >>> >> > > > -- > *Pablo Quetzalc=C3=B3atl V=C3=A1zquez*| Software Designer > *GLOBANT* > > [image: Facebook] > [image: > Twitter] > [image: > Youtube] > [image: > Linkedin] > [image: > Pinterest] > [image: > Globant] > > > The information contained in this e-mail may be confidential. It has been > sent for the sole use of the intended recipient(s). If the reader of this > message is not an intended recipient, you are hereby notified that any > unauthorized review, use, disclosure, dissemination, distribution or > copying of this communication, or any of its contents, > is strictly prohibited. If you have received it by mistake please let us > know by e-mail immediately and delete it from your system. Many thanks. > > > > La informaci=C3=B3n contenida en este mensaje puede ser confidencial. Ha = sido > enviada para el uso exclusivo del destinatario(s) previsto. Si el lector = de > este mensaje no fuera el destinatario previsto, por el presente queda Ud. > notificado que cualquier lectura, uso, publicaci=C3=B3n, diseminaci=C3=B3= n, > distribuci=C3=B3n o copiado de esta comunicaci=C3=B3n o su contenido est= =C3=A1 > estrictamente prohibido. En caso de que Ud. hubiera recibido este mensaje > por error le agradeceremos notificarnos por e-mail inmediatamente y > eliminarlo de su sistema. Muchas gracias. > > --=20 Todd Lipcon Software Engineer, Cloudera --001a113534d2fd0a2c05490e517e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On T= ue, Feb 21, 2017 at 9:31 AM, Pablo Vazquez <pablo.vazquez@globant.= com> wrote:
Hi Adar.

<= div>Thanks a lot, that is really great news and important thing= for us. At present having any security feature is crucial. Having a= n LDAP authentication will also work for our project.

Hi Pablo,

LDAP authentication isn't currently being worked on. We're follow= ing the Hadoop ecosystem model where single-sign-on via Kerberos is typical= ly the norm, rather than adding explicit APIs to log in to Kudu via usernam= e/password, as you might see with LDAP.

Given that= many enterprises use Active Directory for LDAP, and AD also provides Kerbe= ros, would Kerberos login be sufficient for your use case?


Do you have any expected date for that release?=


=
As an open source project we don't pre-publish any kind of c= ommitted release timelines. That said, there are a bunch of security-relate= d patches in review right now, and I'm hoping we can branch for the rel= ease in the next couple of days once the current batch of them is committed= . Releases tend to follow in the next few weeks following the branch creati= on, though of course it depends on how many bugs are found after the branch= , etc.=C2=A0

As an aside, please keep in mind that= the only official Apache Kudu releases are source releases, and vendor bin= ary releases typically lag the open source project releases by some amount = of time (depending on their own release schedules, test processes, integrat= ion, etc).

-Todd
=C2=A0

On Tue, Feb 21, 2017 at 10:20 AM, Adar Dembo <adar@cl= oudera.com> wrote:
Hi Pablo,

Security features are being actively = developed right now, and should probably make it into the next upstream Kud= u release (i.e. 1.3). These include Kerberos support for authentication as = well as TLS for encryption. If you need more detail I'm sure other folk= s here can provide it.

Just out of curiosity, what= kind of security features do you need? It'd be good to make sure that = what's under development satisfies your needs.


On Tue, Feb 21, 2017 at 7:45 AM, Pablo Vazquez= <pablo.vazquez@globant.com> wrote:
=
=

Hi Kudu Team,
As Kudu does not support any security at this = moment, this is a barrier for Kudu production deployment for some of the pr= ojects.

Just a request to know, when= can we expect security in Kudu.=C2=A0It would be really= helpful=C2=A0if we can have some security feature in ne= xt release.

--
Pablo Quetzalc=C3=B3atl V=C3=A1zquez|=C2=A0Software Designer
GLOBANT=C2=A0

3D"Facebook"3D"Twitter"3D"Youtube"3D"Linkedin"3D"Pinterest"<= a href=3D"http://s.wisestamp.com/links?url=3Dhttp%3A%2F%2Fwww.globant.com%2= F&sn=3Db3psb3BlekB5YWhvby5jb20%3D" style=3D"color:rgb(17,85,204)" targe= t=3D"_blank">3D"Globant"


The inf= ormation contained in this e-mail may be=C2=A0confidential. It has been sen= t for the sole use of the intended recipient(s). If the reader of this mess= age is not an intended recipient, you are hereby notified that any unauthor= ized review, use, disclosure, dissemination, distribution or copying of thi= s communication, or any of its contents, is=C2=A0strictly=C2=A0prohibited.= =C2=A0If you have recei= ved it by mistake please let us know by e-mail immediately and delete it fr= om your system.=C2=A0Many thanks.=

=C2=A0<= /font>

La informaci=C3=B3n cont= enida en este mensaje puede ser confidencial. Ha sido enviada para el uso e= xclusivo del destinatario(s) previsto. Si el lector de este mensaje no fuer= a el destinatario previsto, por el presente queda Ud. notificado que cualqu= ier lectura, uso, publicaci=C3=B3n, diseminaci=C3=B3n, distribuci=C3=B3n o = copiado de esta comunicaci=C3=B3n o su contenido est=C3=A1 estrictamente pr= ohibido. En caso de que Ud. hubiera recibido este mensaje por error le agra= deceremos notificarnos por e-mail inmediatamente y eliminarlo de su sistema= .=C2=A0Muchas gracias.<= /span>






--
<= td width=3D"494" height=3D"21" style=3D"font-family:arial,helvetica,sans-se= rif;padding:0px;line-height:15px">Pablo Quetzalc=C3=B3atl V=C3=A1zquez|=C2=A0Software Designer
=C2=A0


3D"Facebook"<= /td>3D"Twitter"3D"Youtube"3D"L== 3D"Pinterest"3D"Globant"

The information con= tained in this e-mail may be=C2=A0confidential. It has been sent for the so= le use of the intended recipient(s). If the reader of this message is not a= n intended recipient, you are hereby notified that any unauthorized review,= use, disclosure, dissemination, distribution or copying of this communicat= ion, or any of its contents, is=C2=A0strictly=C2=A0prohibited.=C2=A0= If you have received it by mis= take please let us know by e-mail immediately and delete it from your syste= m.=C2=A0= Many thanks.

=C2=A0=

La informaci=C3=B3n contenida en este= mensaje puede ser confidencial. Ha sido enviada para el uso exclusivo del = destinatario(s) previsto. Si el lector de este mensaje no fuera el destinat= ario previsto, por el presente queda Ud. notificado que cualquier lectura, = uso, publicaci=C3=B3n, diseminaci=C3=B3n, distribuci=C3=B3n o copiado de es= ta comunicaci=C3=B3n o su contenido est=C3=A1 estrictamente prohibido. En c= aso de que Ud. hubiera recibido este mensaje por error le agradeceremos not= ificarnos por e-mail inmediatamente y eliminarlo de su sistema.=C2=A0Muchas gracias.=




--
Todd Lipcon
Software Engineer, Cloudera
--001a113534d2fd0a2c05490e517e--